Commit 30b0b790d7513b6b5cbfc323a6854a29013a2841
1 parent
ac7e5779
Exists in
master
and in
39 other branches
Allowing superusers to edit other profiles
Showing
3 changed files
with
5 additions
and
5 deletions
Show diff stats
src/accounts/templates/accounts/user_detail.html
| ... | ... | @@ -19,9 +19,9 @@ |
| 19 | 19 | <em>{{ user_.username }}</em> |
| 20 | 20 | </h1> |
| 21 | 21 | |
| 22 | - {% ifequal request.user user_ %} | |
| 23 | - <a class="btn btn-info" href="{% url 'user_profile_update' user_ %}"><span class="glyphicon glyphicon-pencil"></span> {% trans "update your profile"|title %}</a> | |
| 24 | - {% endifequal %} | |
| 22 | + {% if request.user == user_ or request.user.is_superuser %} | |
| 23 | + <a class="btn btn-info" href="{% url 'user_profile_update' user_ %}"><span class="glyphicon glyphicon-pencil"></span> {% trans "edit profile"|title %}</a> | |
| 24 | + {% endif %} | |
| 25 | 25 | |
| 26 | 26 | <div class="divider"></div> |
| 27 | 27 | {% if request.user.is_active %} | ... | ... |
src/accounts/templates/accounts/user_update_form.html
src/accounts/views.py
| ... | ... | @@ -33,7 +33,7 @@ class UserProfileUpdateView(UserProfileBaseMixin, UpdateView): |
| 33 | 33 | |
| 34 | 34 | def get_object(self, *args, **kwargs): |
| 35 | 35 | obj = super(UserProfileUpdateView, self).get_object(*args, **kwargs) |
| 36 | - if self.request.user != obj: | |
| 36 | + if self.request.user != obj and not self.request.user.is_superuser: | |
| 37 | 37 | raise PermissionDenied |
| 38 | 38 | |
| 39 | 39 | return obj | ... | ... |